Download

Sections

Calendar

Today is 22.2.2019, in Czech Republic it's the name day of Petr

KeePassJ2ME bug fix

Everybody knows it, for your day-to-day life on the Internet it's necessary
to know dozens of passwords to different sevices. It's impossible to remember
them all (for standard human being) so you have a dilemma whether to use one
password for more services or write the passwords down. It's obvious that both
of these options possess a high security risk, but that's not what I want to
write about today. I used to write the passwords down to a standard text file
in the past but after I've started to use a notebook I had suddenly the
passwords copied in several places (PC, notebook, mobile phone) and I came to a
conclusion that this might be the time to change the way I store the passwords,
so it will be more difficult to obtain the passwords for a potential
thief/hacker/cu­rious person.

I made some research and decided for a specialized application that will
store the passwords in an encrypted form with one master password, that
I will choose sufficiently strong and keep only in my head. I searched through
the Internet and ended up with the KeePass application, that
has everything I need and besides that is free of charge. The application
itself has many advantages, that you can find out on it's homepage, but the most important
one for me is that there's also a version for the Symbian
operating system, that I have in my cell phone Nokia N73. This
version is called KeePassJ2ME and
should run on all mobile Java enabled phones.

Well, perfect, I downloaded the software (you don't have to install it),
uploaded all my passwords into the KeePass database and removed
all the text files. Subsequently I copied the database to my mobile and tried
to open it. But! After entering the password the only thing I got was a
java.lang.Inde­xOutOfBoundsEx­ception message. Nice.
Nevertheless I have already decided to use the application so I decided to fix
the mobile version. I downloaded the NetBeans
IDE and even though I'm not a Java guy at all (I made only a few simple
apps, none of them using the mobile Java) I began to look for the bug. It took
me some time to figure out how to set up the application and compile it, i.e.
how to create a working .jar archive, but after that the rest was quite
straightforward.

The bug consisted in some missing icons, present in the PC version,
that I unfortunately used in my database to distinguish the password folders.
Here's where the buggy code is located:

So, the fix was simple – I added the missing icons to the archive, fixed
the code, just to be sure it won't happen in the future and also updated the Bouncy Castle library that provided the
application with cryptography functions. After these small fixes everything
works fine.